23 matches found
EUVD-2026-31364
For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...
PT-2026-42557
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1 Description: The OAuth 2.0 Authorization-Code Handler fails to verify account status. This allows users who are suspended, banned, or terminated employees, specifically those with the uIsActive variable set ...
CVE-2017-18443
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247)...
BIT-MASTODON-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
CVE-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
CVE-2025-62175
Mastodon has a vulnerability in streaming API handling: in versions < 4.4.6, < 4.3.14, and
CVE-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
Mastodon security vulnerability
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from failing to disconnect from the Streaming API when disabling or suspending a...
EUVD-2017-9559
Malware in sbrugna...
EUVD-2007-2588
Malware in sbrugna...
USN-6761-1: Anope vulnerability
It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password...
USN-6761-1 anope vulnerability
It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password...
DEBIAN-CVE-2024-30187
Anope before 2.0.15 does not prevent resetting the password of a suspended account...
PT-2024-23238 · Anope +3
Name of the Vulnerable Software and Affected Versions: Anope versions prior to 2.0.15 Description: The issue allows resetting the password of a suspended account. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where th...
Guidance on Microsoft Signed Drivers Being Used Maliciously
Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the...
SUSE CVE-2018-1082
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site...
Twitter Suspends Accounts Used to Snare Security Researchers
Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group (TAG) in January an...
Bot Mafias Have Wreaked Havoc in 'World of Warcraft Classic'
Blizzard has suspended or closed over 74,000 accounts in the last month, as bots have upended the game's economy...
Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it...
CVE-2017-18443
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247)...